U.S. patent number 8,693,990 [Application Number 13/417,580] was granted by the patent office on 2014-04-08 for system, method, and apparatus for proximity-based authentication for managing personal data.
This patent grant is currently assigned to International Business Machines Corporation. The grantees listed for this patent are Michael D Facemire, Frank L Jania, Tracy L Rankin, and Michael Wanderski. The invention is credited to Michael D Facemire, Frank L Jania, Tracy L Rankin, and Michael Wanderski.
United States Patent 8,693,990
Facemire, et al.
April 8, 2014
System, method, and apparatus for proximity-based authentication for managing personal data
Abstract
A computer program product that includes a computer useable
storage medium to store a computer readable program for
proximity-based authentication for managing personal data that,
when executed on a computer, causes the computer to perform
operations. The operations include receiving a request for personal
data from a data access device, determining a first location
corresponding to a location of the data access device, and
determining a second location corresponding to a location of an
authentication device. The operations also include transmitting the
personal data to the data access device if the first location is
within a threshold distance of the second location.
Inventors: Facemire; Michael D (Pittsboro, NC), Jania; Frank L (Chapel Hill, NC), Rankin; Tracy L (Raleigh, NC), Wanderski; Michael (Durham, NC)
Applicant:
  Name                 City         State  Country  Type
  Facemire; Michael D  Pittsboro    NC     US
  Jania; Frank L       Chapel Hill  NC     US
  Rankin; Tracy L      Raleigh      NC     US
  Wanderski; Michael   Durham       NC     US
Assignee: International Business Machines Corporation (Armonk, NY)
Family ID: 43306847
Appl. No.: 13/417,580
Filed: March 12, 2012
Prior Publication Data
  Document Identifier  Publication Date
  US 20120178419 A1    Jul 12, 2012
Related U.S. Patent Documents
  Application Number  Filing Date   Patent Number  Issue Date
  12485736            Jun 16, 2009
Current U.S. Class: 455/411; 455/457; 455/456.1; 455/556.1; 455/410; 726/29; 455/414.2
Current CPC Class: H04L 63/08 (20130101); H04W 4/023 (20130101); H04L 63/0492 (20130101); H04L 63/107 (20130101)
Current International Class: H04M 1/66 (20060101)
Field of Search: 455/410,411,414.2,414.3,456.1-457,556.1
Primary Examiner: Patel; Nimesh
Attorney, Agent or Firm: Holman; Jeffrey T.
Parent Case Text
CROSS-REFERENCE TO RELATED APPLICATIONS
This application is a continuation of U.S. application Ser. No.
12/485,736, filed on Jun. 16, 2009, which is incorporated by
reference herein in its entirety.
Claims
What is claimed is:
1. A computer implemented method for proximity-based authentication
for managing personal data, the method comprising: receiving, at an
access controller, a request for personal data from a data access
device of a requesting party, wherein the personal data belongs to
a personal data owner, wherein the personal data does not belong to
the requesting party, wherein the data access device comprises a
request transmitter to transmit the request, wherein the data
access device comprises a personal data receiver to receive the
personal data; maintaining a first access level and a second access
level for the personal data, wherein the first access level permits
access to a first subset of the personal data and the second access
level permits access to a second subset of the personal data;
accessing a data access device database associating the data access
device with a first location corresponding to a location of the
data access device; receiving second location data indicating a
second location corresponding to a location of an authentication
device; transmitting the first subset of the personal data to the
data access device in response to determining that the second
location is within a first threshold distance of the first
location; transmitting the second subset of the personal data to
the data access device in response to determining that the second
location is within a second threshold distance of the first
location; assigning the second access level to the received request
for personal data in response to determining that the data access
device is entitled to access the second subset of the personal
data; and transmitting only the second subset of the personal data
and not transmitting the first subset of the personal data to the
data access device in response to determining that the second
location is within the second threshold distance of the first
location and not within the first threshold distance of the first
location and in response to receiving a confirmation code
indicating that the personal data owner authorizes release of the
personal data, wherein the confirmation code is separate and
distinct from the second location data, wherein the confirmation
code is input by the personal data owner.
2. The computer implemented method of claim 1, wherein the request
for personal data from the data access device comprises the second
location data.
3. The computer implemented method of claim 1, wherein the second
location data is received from the authentication device.
4. A computer implemented method for proximity-based authentication
for managing personal data, the method comprising: receiving, at an
access controller, a request for personal data from a data access
device of a requesting party, wherein the personal data belongs to
a personal data owner, wherein the personal data does not belong to
the requesting party, wherein the data access device comprises a
request transmitter to transmit the request, wherein the data
access device comprises a personal data receiver to receive the
personal data; maintaining a first access level and a second access
level for the personal data, wherein the first access level permits
access to a first subset of the personal data and the second access
level permits access to a second subset of the personal data;
determining a first location corresponding to a location of the
data access device; determining a second location corresponding to
a location of an authentication device; receiving a confirmation
code indicating that the personal data owner authorizes release of
the personal data, wherein the confirmation code is separate and
distinct from the second location data, wherein the confirmation
code is input by the personal data owner; and transmitting the
personal data to the data access device in response to determining
that the second location is within a threshold distance of the
first location and in response to receiving the confirmation
code.
5. The computer implemented method of claim 4, further comprising
receiving the confirmation code from the data access device.
6. The computer implemented method of claim 4, further comprising
receiving the confirmation code from the authentication device.
7. The computer implemented method of claim 4, further comprising
receiving a timeframe for continued access from the personal data
owner.
8. The computer implemented method of claim 1, wherein transmitting
the personal data to the data access device further comprises
limiting the personal data transmitted to the data access device to
the second subset of the personal data in response to assigning the
second access level to the received request for personal data.
9. The computer implemented method of claim 8, further comprising
maintaining a data access device database associating the data
access device with an allowed access level indicating allowed
access to one or more data items, and wherein determining that the
data access device is entitled to access the second subset of the
personal data comprises comparing the allowed data access level to
the second access level.
10. The computer implemented method of claim 8, further comprising
receiving input from a personal data owner indicating one or more
data items to be included in the second subset of the personal
data.
11. The computer implemented method of claim 8, further comprising
establishing a default set of data items to be included in the
second subset of the personal data.
Description
BACKGROUND
Individuals frequently need to share their personal information
with third parties. This information may include sensitive data
such as Social Security numbers, healthcare information, etc.
Typically, personal information is shared directly with the third
party with the assumption that the third party is entitled to
receive the information and will protect the information.
Unfortunately, however, misuse and theft of personal information
provided to third parties is becoming more and more common,
resulting in significant harm to the individual who provided the
personal information.
Additionally, the amount of personal and private information that a
given individual must maintain is growing at a rapid pace, and it
is becoming more and more difficult for individuals to manage the
increasing volume of data. Various strategies have been developed
for maintaining this ever-increasing volume, including mechanisms
maintained by users to store the private information. These
mechanisms do not solve the problem of information previously
shared with a third party being accessed later without permission,
nor do they provide any means of determining if the entity
requesting information is entitled to receive the information.
SUMMARY
Embodiments of a computer program product are described. In one
embodiment, the computer program product includes a computer
useable storage medium to store a computer readable program for
proximity-based authentication for managing personal data that,
when executed on a computer, causes the computer to perform
operations. The operations may include receiving a request for
personal data from a data access device, determining a first
location corresponding to a location of the data access device, and
determining a second location corresponding to a location of an
authentication device. The operations may also include transmitting
the personal data to the data access device if the first location
is within a threshold distance of the second location. Other
embodiments of the computer program product are also described.
Embodiments of a system for proximity-based authentication for
managing personal data are also described. In one embodiment, the
system includes an access controller to manage access to personal
data, a data access device coupled to the access controller to
access the personal data, and a personal data store coupled to the
access controller to store the personal data. In some embodiments,
the access controller includes a request receiver to receive a
request for the personal data from a data access device, a first
location determiner to determine a first location corresponding to
a location of the data access device, and a second location
determiner to determine a second location corresponding to a
location of an authentication device to authenticate the request
for personal data. In one embodiment, the access controller
includes a personal data transmitter to transmit the personal data
to the data access device if the first location is within a
threshold distance of the second location. The data access device,
in one embodiment, includes a request transmitter to transmit the
request for personal data to the access controller, and a personal
data receiver to receive the personal data from the access
controller. Other embodiments of the system are also described.
Embodiments of a computer-implemented method are also described. In
one embodiment, the computer-implemented method is a method for
proximity-based authentication for managing personal data. The
method includes receiving a request for personal data from a data
access device and accessing a data access device database
associating the data access device with a first location
corresponding to a location of the data access device. In some
embodiments, the method also includes receiving second location
data indicating a second location corresponding to a location of an
authentication device, and transmitting the personal data to the
data access device if the first location is within a threshold
distance of the second location. Other embodiments of the
computer-implemented method are also described.
Other aspects and advantages of embodiments of the present
invention will become apparent from the following detailed
description, taken in conjunction with the accompanying drawings,
illustrated by way of example of the principles of the
invention.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 depicts a schematic diagram of one embodiment of a system
for proximity-based authentication for managing personal data.
FIG. 2 depicts a schematic diagram of one embodiment of the access
controller of FIG. 1.
FIG. 3 depicts a schematic diagram of one embodiment of the data
access device of FIG. 1.
FIG. 4 depicts a schematic diagram of one embodiment of the
authentication device of FIG. 1.
FIG. 5 depicts a schematic diagram of another embodiment of a
system for proximity-based authentication for managing personal
data.
FIG. 6 is a flowchart diagram depicting one embodiment of a method
for proximity-based authentication for managing personal data.
Throughout the description, similar reference numbers may be used
to identify similar elements.
DETAILED DESCRIPTION
In certain embodiments, an access controller determines if an
authentication device, assigned to and in the possession of a
personal data owner, is within a threshold distance of a data
access device requesting personal data. By determining that the
authentication device, and thus, the personal data owner, is close
to the data access device, the access controller can infer that the
personal data owner may be allowing access to the personal data.
More importantly, the access controller can determine that if the
authentication device is not close to the data access device,
personal data should not be released to the data access device.
Controlling the access to personal data by inferring proximity of
the personal data owner to the data access device reduces the risk
of unauthorized access to the personal data.
In the following description, specific details of various
embodiments are provided. However, some embodiments may be
practiced with less than all of these specific details. In other
instances, certain methods, procedures, components, structures,
and/or functions are described in no more detail than to enable the
various embodiments of the invention, for the sake of brevity and
clarity.
While many embodiments are described herein, at least some of the
described embodiments determine a first location associated with a
data access device and a second location associated with an
authentication device. If the first location is within a threshold
distance of the second location, personal data may be released to
the data access device.
FIG. 1 depicts a schematic diagram of one embodiment of a system
100 for proximity-based authentication for managing personal data.
The system 100 includes an access controller 102, a network 104, a
data access device 106, an authentication device 108, a personal
data store 110, and a data access device database 112. The system
100 controls access to personal data by determining if the
authentication device 108 is within a threshold distance of the
data access device 106.
The access controller 102, in one embodiment, controls access to
the personal data stored in the personal data store 110. The access
controller 102 receives a request for personal data from the data
access device 106 and determines if the authentication device 108
is within the threshold distance of the data access device 106. In
certain embodiments, the access controller 102 transmits the
personal data in response to determining that the authentication
device 108 is within the threshold distance of the data access
device 106.
In one embodiment, the access controller 102 is connected to a
network 104. Other components of the system 100 may also be
connected to the network 104 and communicate with the access
controller 102 over the network 104. For example, the network 104
may be at least in part the Internet, and the access controller 102
may receive the request for personal data over the Internet. In
another example, the network 104 may be at least in part a private
network. In yet another embodiment, components of the system 100
may be directly linked to one another. For example, the personal
data store 110 may be linked to the access controller 102.
The data access device 106, in one embodiment, requests personal
data from the access controller 102. The data access device 106
communicates with the access controller 102 over the network 104,
in one embodiment. For example, the data access device 106 may be
connected to the Internet, and the request for personal data may be
transmitted over the Internet to the access controller 102.
In some embodiments, the data access device 106 makes a request for
personal data without communicating with the authentication device
108. In another embodiment, the data access device 106 communicates
with the authentication device 108 to make the request for personal
data. For example, the data access device 106 may be a computer
with a Bluetooth interface, and the authentication device 108 may
communicate a secure identifier to the data access device 106 over
the Bluetooth interface for inclusion in the request for personal
data.
The authentication device 108, in one embodiment, is a device
assigned to the owner of the personal data. In certain embodiments,
the authentication device 108 establishes the location of the
personal data owner, and therefore should be in the possession of
the personal data owner.
The authentication device 108 may be any type of device capable of
establishing the location of the personal data owner. For example,
the authentication device 108 may be a purpose-built device with a
navigation satellite receiver that determines the position of the
authentication device 108 using a navigation satellite system, such
as the global positioning system (GPS). In another example, the
authentication device 108 may include software and/or hardware that
operates in conjunction with an existing device, such as a cell
phone, to determine the location of the authentication device 108.
Other examples of authentication devices 108 include, but are not
limited to, smart cards, radio frequency identifiers (RFID), and
implantable devices.
The personal data store 110, in one embodiment, is a data store
that contains personal data. In certain embodiments, the personal
data store 110 is organized into data items to indicate a type of
data. For example, the personal data store 110 may be a database
that stores medical information and other personal information about
one or more individuals.
In one embodiment, the personal data store 110 is connected to the
network 104. In this embodiment, the access controller 102 accesses
the personal data in the personal data store 110 through the
network 104. In an alternative embodiment, the personal data store
110 is connected to the access controller 102. For example, the
access controller 102 may operate on a server (not shown) that
includes the personal data store 110.
The data access device database 112, in one embodiment, is a
database that associates one or more data access devices 106 with a
location. For example, the data access device database 112 may
indicate that the data access device 106 is located at a particular
location.
In one embodiment, the data access device database 112 is connected
to the network 104. For example, the access controller 102 may
access the data access device database 112 over the network 104 to
determine the location of the data access device 106.
FIG. 2 depicts a schematic diagram of one embodiment of the access
controller 102 of FIG. 1. The access controller 102 includes a
request receiver 202, a data release authorizer 204, a personal
data transmitter 206, a first location determiner 208, a second
location determiner 210, an access level manager 212, a
confirmation code receiver 214, a timeframe manager 216, a personal
data owner interface 218, and a personal data consumer interface
220. The access controller 102 controls access to the personal data
stored in the personal data store 110.
The request receiver 202, in one embodiment, receives a request for
personal data from the data access device 106. The request receiver
202 may include any type of interface for receiving the request,
including, but not limited to, a data bus, a network interface, or
a wireless interface. For example, the request receiver 202 may
receive the request over an ethernet connection through an ethernet
interface. The request receiver 202 makes the request available to
other components of the access controller 102.
The data release authorizer 204, in certain embodiments, determines
if the personal data should be released to the data access device
106. The data release authorizer 204 makes this determination based
on characteristics of the request, characteristics of the
requesting data access device 106, the output of other components
of the access controller 102, and/or constraints placed upon the
personal data. For example, the data release authorizer 204 may
determine that the personal data should be released to the data
access device 106 because the data access device 106 is near the
location of the authentication device 108 and the personal data
requested is consistent with a type of data that the data access
device 106 is entitled to receive.
The personal data transmitter 206, in one embodiment, transmits the
personal data to the data access device 106. In one embodiment, the
personal data transmitter 206 transmits the personal data under the
direction of the data release authorizer 204. For example, the
personal data transmitter 206 may receive an input from the data
release authorizer 204 authorizing transmission of personal data
before transmitting the personal data. The personal data
transmitter 206 may be any type of transmitter capable of
transmitting the personal data, including, but not limited to, a
data bus, a network interface, or a wireless interface.
In one embodiment, the first location determiner 208 determines the
location of the data access device 106. The first location
determiner 208 provides the location of the data access device 106
to other components of the access controller 102. For example, the
first location determiner 208 may communicate the location of the
data access device 106 to the data release authorizer 204.
In one embodiment, the first location determiner 208 accesses the
data access device database 112 to retrieve location data
corresponding to the data access device 106 to determine the
location of the data access device 106. For example, the first
location determiner 208 may receive information from the data
access device database 112 that indicates a latitude and a
longitude corresponding to the location of the data access device
106.
In another embodiment, the first location determiner 208 determines
the location of the data access device 106 by receiving location
data from the data access device 106. For example, in one
embodiment, the data access device 106 includes a location sensor
that senses location data indicating the location of the data
access device 106. This location data is then made available to the
first location determiner 208. In one embodiment, the location data
is included with the personal data request delivered to the request
receiver 202.
The second location determiner 210, in one embodiment, determines
the location of the authentication device 108. The second location
determiner 210 provides the location of the authentication device
108 to other components of the access controller 102. For example,
the second location determiner 210 may communicate the location of
authentication device 108 to the data release authorizer 204.
In some embodiments, the second location determiner 210 receives
location data corresponding to the location of the authentication device
108. In certain embodiments, the authentication device 108 includes
a location sensor (not shown) that senses the location data
corresponding to the location of the authentication device 108, and
the authentication device 108 transmits this location data to the
second location determiner 210. The location data may be received
by the second location determiner 210 in conjunction with the
request for personal data, or separate from the request for
personal data. In some embodiments, the location data corresponding
to the location of the authentication device 108 is transmitted
through the data access device 106 to the second location
determiner 210. In an alternative embodiment, the location data
corresponding to the location of the authentication device 108 is
transmitted to the second location determiner 210 independent of
the data access device 106. For example, the location data
corresponding to the location of the authentication device 108 may
be transmitted by the authentication device 108 over a cellular
telephone network to the second location determiner 210.
The access level manager 212, in one embodiment, manages one or
more access levels for the personal data. An access level indicates
a subset of personal data items that are available within the
access level. Different access levels may allow access to different
subsets of personal data items within the personal data.
In some embodiments, an access level is indicative of the
trustworthiness of the requesting data access device 106. For
example, a first access level may indicate a relatively high level
of trust, and allow access to more data items than a second access
level that indicates a relatively low level of trust. If the data
access device 106 is highly trusted, it may be granted access to
data within the first access level.
In another embodiment, an access level is indicative of the type of
data. For example, personal data items available within one access
level may include demographic information, while personal data
items available within another access level may include medical
information. In some embodiments, the data access device 106 has an
associated access level that indicates the type of data which the
data access device is permitted to access.
In one embodiment, the access level manager 212 responds to input
by a personal data owner to manage an access level. For example, a
personal data owner may request that a particular personal data
item be excluded from an access level, and the access level manager
212 may respond to this request by removing the particular personal
data item from the access level. In an alternative embodiment, the
access level manager 212 responds to input by an administrator to
manage an access level. For example, the access level manager 212
may add and/or remove personal data items from an access level as a
result of an input by an administrator requesting a change to the
access level.
In some embodiments, the access level manager 212 includes one or
more default access level definitions that are applied to personal
data absent input indicating changes to the default access levels.
For example, the default access level definition for medical
information may indicate that a particular set of personal data
items relating to medical information be included within a medical
information access level. In another embodiment, the access level
manager 212 includes one or more default access level definitions
customized for demographic data for a particular population. For
example, in one embodiment, the access level manager 212 includes a
default access level definition for personal data owners living in
a particular geographic region. In another embodiment, the access
level manager 212 may include a default access level definition by
gender of the personal data owner.
The confirmation code receiver 214, in one embodiment, receives a
confirmation code that authorizes release of personal data. In some
embodiments, the confirmation code is input by the personal data
owner and transmitted to the confirmation code receiver 214 and the
access controller 102 releases the personal data after determining
that the confirmation code is correct and the data access device
106 is within a threshold distance of the authentication device
108.
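To make the decision logic concrete, the following is an added example (my code, not the patent's or IBM's) of an access controller that implements the tiered release described in claim 1 using the FIG. 2 components described above: a first location determiner that reads the data access device database 112, a second location determiner fed with the authentication device's reported position, an access level manager holding two subsets of the personal data, and a confirmation code receiver. The device database, personal data record, coordinates, thresholds (10 m and 100 m) and the owner's confirmation code are constructed sample values, and the haversine distance computation is my choice; the patent specifies none of these. Inside the inner threshold the first subset is released and the second subset is released if the device is entitled to it; between the two thresholds only the second subset is released, and only when the device is entitled and the owner's separately entered confirmation code matches.

```python
import hmac
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0

# --- Constructed sample stores (hypothetical values, not from the patent) ---
# Data access device database 112: device id -> (latitude, longitude).
DATA_ACCESS_DEVICE_DB = {"clinic-terminal-7": (35.9132, -79.0558)}
# Allowed access level per device (2 = entitled to the second subset).
DEVICE_ALLOWED_LEVEL = {"clinic-terminal-7": 2}
# Personal data store 110, split into the two access-level subsets.
PERSONAL_DATA = {
    "owner-42": {
        "first_subset": {"name": "J. Doe", "dob": "1980-01-01"},
        "second_subset": {"allergies": "penicillin", "blood_type": "O+"},
    }
}
# Confirmation code the owner entered out of band (constructed).
OWNER_CONFIRMATION_CODE = {"owner-42": "482913"}


def haversine_m(loc_a, loc_b):
    """Great-circle distance in metres between two (lat, lon) pairs in degrees."""
    lat1, lon1 = map(math.radians, loc_a)
    lat2, lon2 = map(math.radians, loc_b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


@dataclass(frozen=True)
class Decision:
    released: dict   # data items the personal data transmitter may send
    reason: str      # why the data release authorizer decided as it did


def authorize_request(device_id, owner_id, second_location, confirmation_code=None,
                      first_threshold_m=10.0, second_threshold_m=100.0):
    """Data release authorizer 204 for one request; second_location is the
    authentication device's reported (lat, lon)."""
    # First location determiner: the device's location comes from the database,
    # not from the request, so the requester cannot simply assert where it is.
    first_location = DATA_ACCESS_DEVICE_DB.get(device_id)
    if first_location is None:
        return Decision({}, "unknown data access device")
    record = PERSONAL_DATA.get(owner_id)
    if record is None:
        return Decision({}, "unknown personal data owner")
    entitled_to_second = DEVICE_ALLOWED_LEVEL.get(device_id, 0) >= 2

    distance = haversine_m(first_location, second_location)
    if distance > second_threshold_m:
        return Decision({}, f"authentication device {distance:.0f} m away, outside both thresholds")

    if distance <= first_threshold_m:
        # Owner is at the device: first subset, plus second subset if entitled.
        released = dict(record["first_subset"])
        if entitled_to_second:
            released.update(record["second_subset"])
        return Decision(released, f"within first threshold ({distance:.0f} m)")

    # Between the thresholds: second subset only, gated on entitlement and on a
    # confirmation code that is separate from the location data.
    if not entitled_to_second:
        return Decision({}, "device not entitled to second access level")
    expected = OWNER_CONFIRMATION_CODE.get(owner_id, "")
    if not isinstance(confirmation_code, str) or not hmac.compare_digest(
            expected.encode(), confirmation_code.encode()):
        return Decision({}, "confirmation code missing or incorrect")
    return Decision(dict(record["second_subset"]),
                    f"within second threshold only ({distance:.0f} m), confirmation code accepted")


if __name__ == "__main__":
    # Constructed positions: ~5 m, ~50 m and ~500 m north of the terminal.
    for loc, code in [((35.913245, -79.0558), None), ((35.91365, -79.0558), None),
                      ((35.91365, -79.0558), "482913"), ((35.9177, -79.0558), "482913")]:
        print(authorize_request("clinic-terminal-7", "owner-42", loc, code))
```

The confirmation code is compared in constant time, and the outer tier requires both signals (proximity and the code), so a reported location on its own never releases the second subset from outside the inner threshold. Note that the distance is measured against the database entry for the device, which is what makes the proximity inference meaningful: a device whose recorded location is stale or wrong will fail the check rather than pass it.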
The timeframe manager 216 manages a length of time to allow access
to personal data, in one embodiment. The timeframe manager 216 may
determine a time to allow access subsequent to the data release
authorizer 204 releasing the personal data, after which the data
access device 106 is denied access to the personal data. For
example, the timeframe manager 216 may permit access to the
personal data for 30 minutes following an authorized request for
personal data. After the 30 minutes have elapsed, the data access
device 106 is denied continued access to the personal data until
and unless the request is authenticated by the access controller
102 again.
In certain embodiments, the timeframe manager 216 responds to an
input to define the length of time to allow access to the personal
data. For example, a personal data owner may choose a length of time
to allow for continued access to his or her personal data. In some
embodiments, the timeframe manager 216 has a default length of time
to allow access to the personal data. In one embodiment, the
default length of time may be modified by an input, such as from a
user or an administrator.
The timeframe manager 216, in one embodiment, allows a different
length of time to allow access for individual access levels. For
example, an access level associated with medical data may allow
access for two days, while an access level associated with
demographic data may be accessible indefinitely.
In certain embodiments, the timeframe manager 216 associates a
length of time to allow access with a data access device 106. For
example, a particular data access device 106 may be granted access
to personal data for 30 minutes. In another embodiment, a personal
data owner may be prompted by the timeframe manager 216 to input a
time to allow access to the personal data in conjunction with the
request for personal data. For example, authorization of the
request for personal data may be configured to include a
confirmation code and a timeframe for continued access.
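As an added example (my code, not from the patent) of the timeframe manager 216 behaviour described in the preceding paragraphs: each grant carries an expiry computed from an owner-supplied timeframe if one was received with the confirmation code, otherwise from a per-access-level window, otherwise from a global 30-minute default; an expired grant denies continued access until the request is authenticated again. The level names ("medical", "demographic"), the windows, the device ids and the timestamps are constructed assumptions; the 30-minute and two-day figures come from the page's own examples.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

# Constructed defaults. None means the grant does not expire ("indefinitely").
DEFAULT_ACCESS_WINDOW = timedelta(minutes=30)
ACCESS_WINDOW_BY_LEVEL: Dict[str, Optional[timedelta]] = {
    "medical": timedelta(days=2),
    "demographic": None,
}


@dataclass(frozen=True)
class Grant:
    device_id: str
    owner_id: str
    access_level: str
    granted_at: datetime
    expires_at: Optional[datetime]   # None = indefinite access


class TimeframeManager:
    """Tracks how long each data access device may keep accessing released data."""

    def __init__(self, default_window=DEFAULT_ACCESS_WINDOW, window_by_level=None):
        self.default_window = default_window
        self.window_by_level = dict(ACCESS_WINDOW_BY_LEVEL if window_by_level is None
                                    else window_by_level)
        self._grants: Dict[Tuple[str, str, str], Grant] = {}

    def window_for(self, access_level, owner_window=None):
        # Precedence: owner input received with the request, then the access
        # level's window, then the global default.
        if owner_window is not None:
            return owner_window
        if access_level in self.window_by_level:
            return self.window_by_level[access_level]
        return self.default_window

    def grant(self, device_id, owner_id, access_level, now, owner_window=None):
        """Record that the data release authorizer released data at time `now`."""
        window = self.window_for(access_level, owner_window)
        expires_at = None if window is None else now + window
        g = Grant(device_id, owner_id, access_level, now, expires_at)
        self._grants[(device_id, owner_id, access_level)] = g
        return g

    def is_access_allowed(self, device_id, owner_id, access_level, now):
        """Continued access is allowed only while an unexpired grant exists."""
        g = self._grants.get((device_id, owner_id, access_level))
        if g is None:
            return False
        return g.expires_at is None or now < g.expires_at

    def purge_expired(self, now):
        """Drop expired grants; returns how many were removed."""
        expired = [k for k, g in self._grants.items()
                   if g.expires_at is not None and now >= g.expires_at]
        for k in expired:
            del self._grants[k]
        return len(expired)


def run_demo():
    """Exercise the manager on constructed grants; returns the observed outcomes."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    tm = TimeframeManager()
    tm.grant("clinic-terminal-7", "owner-42", "medical", t0)
    tm.grant("clinic-terminal-7", "owner-42", "demographic", t0)
    tm.grant("kiosk-1", "owner-42", "financial", t0)                      # unknown level -> 30 min
    tm.grant("kiosk-1", "owner-42", "medical", t0, owner_window=timedelta(minutes=10))
    return {
        "medical_after_1_day": tm.is_access_allowed("clinic-terminal-7", "owner-42", "medical", t0 + timedelta(days=1)),
        "medical_after_3_days": tm.is_access_allowed("clinic-terminal-7", "owner-42", "medical", t0 + timedelta(days=3)),
        "demographic_after_1_year": tm.is_access_allowed("clinic-terminal-7", "owner-42", "demographic", t0 + timedelta(days=365)),
        "default_at_29_min": tm.is_access_allowed("kiosk-1", "owner-42", "financial", t0 + timedelta(minutes=29)),
        "default_at_30_min": tm.is_access_allowed("kiosk-1", "owner-42", "financial", t0 + timedelta(minutes=30)),
        "owner_window_at_11_min": tm.is_access_allowed("kiosk-1", "owner-42", "medical", t0 + timedelta(minutes=11)),
        "never_granted": tm.is_access_allowed("kiosk-2", "owner-42", "medical", t0),
        "purged_after_3_days": tm.purge_expired(t0 + timedelta(days=3)),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The grant key is the triple (device, owner, access level), so a medical grant expiring does not touch a demographic grant for the same device, matching the per-level timeframes in the text. Passing `now` explicitly rather than reading the clock inside the class keeps the expiry logic testable and avoids time-zone surprises; in a deployment the caller should supply a timezone-aware UTC timestamp.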
The personal data owner interface 218, in one embodiment, provides
access to the access controller 102 for the personal data owner.
The personal data owner interface 218 receives input from the
personal data owner to modify settings for components of the access
controller 102. For example, the personal data owner interface 218
may receive a timeframe from the personal data owner for continued
access to the personal data and provide the timeframe to the
timeframe manager 216.
The personal data owner interface 218 may be any type of interface
capable of receiving input from a personal data owner. For example,
the personal data owner interface 218 may be a web interface
accessed by a web browser. In a further example, the personal data
owner may log in to a web interface on a web browser operating on a
cell phone to provide a confirmation code for the confirmation code
receiver 214 for use in conjunction with a request for personal
data.
The personal data consumer interface 220, in one embodiment,
provides access to the access controller 102 for the personal data
consumer. The personal data consumer interface 220 receives input
from the personal data consumer to modify settings for components
of the access controller 102. For example, the personal data
consumer interface 220 may receive an input from the personal data
consumer requesting that a particular data access device 106 be
associated with a particular access level.
The personal data consumer interface 220 may be any type of
interface capable of receiving input from a personal data consumer.
For example, the personal data consumer interface 220 may be a web
interface accessed by a web browser.
FIG. 3 depicts a schematic diagram of one embodiment of the data
access device 106 of FIG. 1. The data access device 106 includes a
request transmitter 302, a personal data receiver 304, an access
device identifier 306, and an authorization device interface 308.
The data access device 106 requests and receives personal data.
In one embodiment, the request transmitter 302 transmits the
request for personal data to the access controller 102. The request
transmitter 302 may be any type of transmitter capable of
transmitting the request. For example, the request transmitter 302
may include a modem that transmits the request for personal data
over a telephone line. In another example, the request transmitter
302 may include a network adapter that transmits the request for
personal data over the network 104.
The personal data receiver 304, in one embodiment, receives the
requested personal data after the access controller 102 authorizes
the request. The personal data receiver 304 may then provide the
personal data to another device or application for use. For
example, the personal data receiver 304 may transmit the personal
data to a processor (not shown) which processes the personal
data.
The personal data receiver 304 may be any type of receiver capable
of receiving the personal data. For example, the personal data
receiver 304 may include a modem that receives the personal data
over a telephone line. In another example, the personal data
receiver 304 may include a network adapter that receives the
personal data over the network 104.
In certain embodiments, the request transmitter 302 and the
personal data receiver 304 share a single device to perform their
functions. For example, the request transmitter 302 and the
personal data receiver 304 may share a single modem which sends
requests for the request transmitter 302 and receives personal data
for the personal data receiver 304. In an alternative embodiment,
the request transmitter 302 and the personal data receiver 304
operate a separate transmitter and receiver, respectively.
The access device identifier 306, in one embodiment, identifies the
data access device 106. In one embodiment, the access device
identifier 306 includes a serial number for the data access device
106. In some embodiments, the access device identifier 306 is
transmitted to the access controller 102 to identify the requesting
data access device 106. In certain embodiments, the access device
identifier 306 includes a security feature. For example, the access
device identifier 306 may include a digital signature that securely
identifies the data access device 106. In some embodiments, the
access device identifier 306 is encrypted.
In certain embodiments, the authorization device interface 308
provides an interface for communication with the authentication
device 108. The authorization device interface 308 receives
information from the authentication device 108 in conjunction with
the request for personal data. For example, the authorization
device interface 308 may receive a confirmation code from the
authentication device 108 for transmission to the access controller
102. The authorization device interface 308 may be any type of
interface capable of transmitting data from the authentication
device 108 to the data access device 106. For example, the
authorization device interface 308 may be a Bluetooth interface, an
RFID interface, an optical interface, or the like.
FIG. 4 depicts a schematic diagram of one embodiment of the
authentication device 108 of FIG. 1. The authentication device 108
includes a second location sensor 402, a second location
transmitter 404, a secure identifier 406, a navigation satellite
receiver 408, a cell phone receiver 410, a confirmation code
receiver 412, and a data access device interface 414. The
authentication device 108 provides location data to the access
controller 102 indicating the location of the authentication device
108.
The second location sensor 402, in one embodiment, senses second
location data indicative of the location of the authentication
device 108. In some embodiments, the second location sensor 402
uses the navigation satellite receiver 408 to sense the second
location data. For example, the second location sensor 402 may
determine second location data indicative of a latitude and a
longitude of the authentication device 108 from a global
positioning system (GPS). The second location sensor 402, in
certain embodiments, accesses a navigation satellite receiver 408
and/or a cell phone receiver 410 to sense the second location data.
In some embodiments, the second location sensor receives second
location data from other sources, such as a ground based
augmentation system, an inertial navigation system, or a
terrestrial radio navigation system.
In one embodiment, the second location transmitter 404 transmits
the second location data to the access controller 102. In certain
embodiments, the second location transmitter 404 transmits the
second location data independent of the data access device 106. For
example, the second location transmitter may include a cell phone
transmitter (not shown) which transmits the second location through
a cell phone network. In another embodiment, the second location
transmitter 404 transmits the second location data through the data
access device 106. For example, the second location transmitter 404
may transmit the second location data to the data access device
106, which then transmits the second location data to the access
controller 102.
The secure identifier 406, in one embodiment, identifies the
authentication device 108. In some embodiments, the secure
identifier 406 includes a security feature. For example, the secure
identifier 406 may include a digital signature that securely
identifies the authentication device 108. In some embodiments, the
secure identifier 406 is encrypted, for example using a public key
encryption system. Encryption conceals the identifier from an
eavesdropper but does not by itself prove which device sent it;
that assurance comes from the signature, which the access
controller 102 should verify before trusting any second location
data or confirmation code carried along with the identifier.
In some embodiments, the navigation satellite receiver 408 senses a
signal from a navigation satellite system (not shown) to determine
location data indicative of the location of the authentication
device 108. The navigation satellite receiver 408, in one
embodiment, communicates the location data to the second location
transmitter 404. Examples of navigation satellite systems that may
be sensed by the navigation satellite receiver 408 include, but are
not limited to, the Global Positioning System (GPS), the
Global'naya Navigatsionnaya Sputnikovaya Sistema (GLONASS), the
Beidou Satellite Navigation and Positioning System, the Compass
navigation system, the Galileo positioning system, the Doppler
Orbitography and Radio-positioning Integrated by Satellite (DORIS),
the Indian Regional Navigational Satellite System (IRNSS), and the
Quasi-Zenith Satellite System (QZSS).
In one embodiment, the cell phone receiver 410 senses cell phone
tower data from one or more cell phone towers (not shown) to
determine location data indicative of the location of the
authentication device 108. As used herein, the term, "cell phone
tower" refers to any type of site where antennas and electronic
communications equipment are placed to create a cell in a network
for mobile telephones. The cell phone receiver 410, in one
embodiment, communicates the cell phone tower data to the second
location transmitter 404. The cell phone receiver 410 may
communicate with any type of cell phone tower on any type of mobile
phone network. In some embodiments, the cell phone receiver 410
receives a signal from two or more cell phone towers having known
locations and uses triangulation to infer the location of the
authentication device 108. In another embodiment, the cell phone
receiver 410 receives a signal from one cell phone tower and uses
the known location of that cell phone tower to infer the location
of the authentication device 108. A position inferred from cell
phone towers is far coarser than a navigation satellite fix,
typically hundreds of metres and often kilometres from a single
tower, so a threshold distance 502 of only a few metres cannot be
enforced from tower data alone.
The confirmation code receiver 412, in one embodiment, receives a
confirmation code from the personal data owner authorizing release
of the personal data. In one embodiment, the confirmation code
receiver 412 prompts the personal data owner for an input
authorizing the release of personal data. In certain embodiments,
the confirmation code receiver 412 communicates the confirmation
code to the access controller 102. For example, in one embodiment,
the authentication device 108 includes an input device (not shown)
such as a numeric keypad, and the confirmation code receiver 412
receives a personal identification number (PIN) through the numeric
keypad as a confirmation code.
In certain embodiments, the authentication device 108 includes the
data access device interface 414 that communicates with the data
access device 106. In some embodiments, the data access device
interface 414 communicates authentication device information, such
as, but not limited to, the secure identifier 406, the second
location data, and/or the confirmation code. In another embodiment,
the data access device interface 414 receives data access device
information from the data access device 106, such as, but not
limited to, a request for a confirmation code, and/or an access
device identifier 306.
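The secure identifier 406, the second location data and the confirmation code all reach the access controller 102 either directly from the authentication device 108 or relayed through the data access device 106, so the controller has to be able to check that none of them was altered or replayed on the way. The following is an added example, not code from the patent, of how the authentication device can bind those three values and a timestamp under one signature and how the access controller checks it before the proximity comparison runs. It stands in HMAC-SHA256 under a per-device shared key for the public-key digital signature the patent describes, so that it runs with the Python standard library only; the device name, key and coordinates are constructed for the example.

```python
"""Added example: a signed location assertion from the authentication
device 108, checked by the access controller 102 before any location
data or confirmation code is trusted. Stand-in: HMAC-SHA256 under a
per-device key instead of the public-key signature the patent describes.
All identifiers and values are constructed for the example."""
import hashlib
import hmac
import json

# Constructed key registry held by the access controller. In a public-key
# deployment this table would hold each device's public key instead.
DEVICE_KEYS = {"auth-0001": b"constructed-demo-key-0001-do-not-reuse"}
MAX_AGE_S = 120      # how old an assertion may be before it is stale
CLOCK_SKEW_S = 30    # tolerated lead of the device clock over the controller


def _canonical(payload: dict) -> bytes:
    # Deterministic encoding so signer and verifier hash identical bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def _tag(key: bytes, payload: dict) -> str:
    return hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()


def sign_location(device_id: str, lat: float, lon: float, code: str,
                  issued_at: int, key: bytes) -> dict:
    """Authentication device side: bind secure identifier 406, second
    location data, confirmation code and a timestamp under one tag."""
    payload = {"device_id": device_id, "lat": lat, "lon": lon,
               "code": code, "ts": issued_at}
    return {"payload": payload, "tag": _tag(key, payload)}


class AssertionVerifier:
    """Access controller side. Order matters: authenticate first, then
    check freshness and replay, so unauthenticated input never reaches
    the location comparison."""

    def __init__(self, keys: dict, max_age_s: int = MAX_AGE_S):
        self._keys = keys
        self._max_age_s = max_age_s
        self._seen_tags = set()   # replay cache; prune by max_age in practice

    def verify(self, assertion: dict, now: int) -> tuple:
        payload = assertion.get("payload") or {}
        tag = str(assertion.get("tag", ""))
        key = self._keys.get(payload.get("device_id"))
        if key is None:
            return False, "unknown device"
        if not hmac.compare_digest(_tag(key, payload), tag):
            return False, "bad tag"          # altered in transit or forged
        age = now - int(payload.get("ts", 0))
        if age > self._max_age_s or age < -CLOCK_SKEW_S:
            return False, "stale"
        if tag in self._seen_tags:
            return False, "replay"
        self._seen_tags.add(tag)
        return True, "ok"


if __name__ == "__main__":
    key = DEVICE_KEYS["auth-0001"]
    good = sign_location("auth-0001", 35.7796, -78.6382, "4821", 1_000_000, key)
    verifier = AssertionVerifier(DEVICE_KEYS)
    print(verifier.verify(good, 1_000_010))              # (True, 'ok')
    print(verifier.verify(good, 1_000_020))              # (False, 'replay')
    # A relaying data access device 106 moves the reported position:
    moved = {"payload": dict(good["payload"], lon=-78.60), "tag": good["tag"]}
    print(AssertionVerifier(DEVICE_KEYS).verify(moved, 1_000_010))  # (False, 'bad tag')
```

Because the confirmation code is inside the signed payload, a data access device that relays the assertion can neither move the reported position nor attach a captured code to a different request. With a real signature scheme the per-device private key would live only on the authentication device, so the access controller could verify but not forge assertions.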
FIG. 5 depicts a schematic diagram of another embodiment of a
system 500 for proximity-based authentication for managing personal
data. The system includes an authentication device 108 and a data
access device 106. In certain embodiments, the system 500
determines if the authentication device 108 and the data access
device 106 are within a threshold distance 502 of one another.
In one embodiment, the system 500 determines a location for both
the data access device 106 and the authentication device 108. The
system 500 compares these locations to determine if the
authentication device 108 is within the threshold distance 502 of
the data access device 106. By determining that the two devices
108, 106 are within the first threshold distance 502, the system
500 infers that the personal data owner is present at the data
access device 106, and therefore may desire the release of personal
data.
In some embodiments, the system 500 compares the locations of the
data access device 106 and the authentication device 108 to
determine if these locations are within a second threshold distance
504 of one another. The system 500 may respond to determining that
the two devices 108, 106 are within the second threshold distance
504 of one another by granting access to personal data at a
particular access level. For example, the second threshold distance
504 may be a relatively long distance, and the access level granted
to a data access device 106 within the second threshold distance
504 of the authentication device 108 may include relatively little
personal data, such as demographic data that does not individually
identify the personal data owner. This type of threshold distance
and access level may be useful in compiling demographic data.
In some embodiments, limited personal data provided to a data
access device 106 within a second threshold distance 504 may be
used to provide marketing opportunities for an operator of the data
access device 106. For example, the operator of the data access
device 106 may be a charity organization, and an authentication
device 108 within the second threshold distance 504 of the data
access device 106 may release contact information for the personal
data owner. The charity organization in this example may then
contact the personal data owner to provide information about an
opportunity to interact with a charity organization close to the
personal data owner that the personal data owner might otherwise
have not known about.
FIG. 6 is a flowchart diagram depicting one embodiment of a method
600 for proximity-based authentication for managing personal data.
The method 600 is, in certain embodiments, a method of use of the
systems and apparatuses of FIGS. 1-5, and is described with
reference to those figures. Nevertheless, the method 600 may also
be conducted independently thereof and is not intended to be
limited to the specific embodiments discussed above with respect to
those figures.
In the method 600, the request receiver 202 receives 602 a request
for personal data. The request for personal data may be a request
for any particular type of personal data, a subset of personal
data, or a particular personal data item. In some embodiments, the
received 602 request for personal data is a request for all
available personal data.
In some embodiments, the first location determiner 208 accesses 604
a data access device database 112 to determine the location of the
data access device 106. The data access device database 112
provides first location data indicative of the location of the data
access device 106. In an alternative embodiment, the first location
determiner 208 receives first location data indicative of the
location of the data access device 106 from the data access device
106.
The second location determiner 210, in one embodiment, receives 606
second location data to determine the location of the
authentication device 108. In one embodiment, the second location
data is received 606 from the authentication device 108, which, in
turn, senses the second location data using a second location
sensor 402. In an alternative embodiment, the second location data
is received 606 via the data access device 106 which, in turn,
receives the second location data from the authentication device
108. In some embodiments, the second location data is transmitted
to the second location determiner 210 with the request for personal
data.
The data release authorizer 204, in one embodiment, determines 608
if the first location is within a threshold distance 502 of the
second location. The data release authorizer 204 infers from this
determination if the data access device 106 is near enough to the
authentication device 108 to allow a release of personal data. If
the first location is not within the threshold distance of the
second location, the data release authorizer 204 does not release
610 the personal data. If the first location is within the
threshold distance of the second location, the data release
authorizer 204 may release the personal data, or it may perform
other determinations to determine if the personal data should be
released.
The access level manager 212, in one embodiment, determines 612 the
allowed access level of the data access device 106. In some
embodiments, the access level manager 212 determines 614 the access
level required for the requested personal data. The data release
authorizer 204 may compare 616 the allowed access level to the
required access level to determine if the personal data should be
released. If the requested data is not within the allowed access
level, the data release authorizer 204 does not release 610 the
personal data. If the data release authorizer 204 determines that
the requested data is within the allowed access level, the data
release authorizer 204 may transmit 618 the personal data.
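The decision path of method 600 (steps 608 through 618), combined with the tiered threshold distances 502 and 504 of FIG. 5 and a time-limited grant of the kind the timeframe manager 216 keeps, as an added example that is not part of the patent. It assumes latitude/longitude positions compared by great-circle (haversine) distance, an inner tier of 10 m that unlocks full access and an outer tier of 1 km that unlocks only demographic data, a constructed table of which access level each personal data item requires, and a kiosk granted access for 30 minutes; all of these values and names are assumptions. Release is all-or-nothing, as the method describes, and items not in the table are refused rather than mapped to a level.

```python
"""Added example: the release decision of method 600 (steps 608 to 618)
with the tiered thresholds 502/504 of FIG. 5 and a timed grant standing
in for the timeframe manager 216. Distances, levels, item table and
device names are constructed assumptions, not values from the patent."""
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two lat/lon points (degrees)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


# Access levels; a higher number unlocks more personal data.
LEVEL_NONE, LEVEL_DEMOGRAPHIC, LEVEL_CONTACT, LEVEL_FULL = 0, 1, 2, 3

# Constructed: level each personal data item requires (step 614).
REQUIRED_LEVEL = {
    "age_bracket": LEVEL_DEMOGRAPHIC, "postal_code": LEVEL_DEMOGRAPHIC,
    "email": LEVEL_CONTACT, "phone": LEVEL_CONTACT,
    "date_of_birth": LEVEL_FULL,
}

# Constructed tiers, innermost first: inside threshold 502 (10 m) the
# owner is presumed present; inside threshold 504 (1 km) only
# non-identifying demographic data is reachable.
THRESHOLDS_M = [(10.0, LEVEL_FULL), (1000.0, LEVEL_DEMOGRAPHIC)]


def level_for_distance(distance_m: float) -> int:
    for max_distance, level in THRESHOLDS_M:
        if distance_m <= max_distance:
            return level
    return LEVEL_NONE


@dataclass(frozen=True)
class Grant:
    """Timeframe manager 216 entry: the level a device may see, until when."""
    allowed_level: int
    expires_at: datetime


@dataclass(frozen=True)
class Decision:
    released: bool
    reason: str
    distance_m: float


def decide(items, device_id, first_loc, second_loc, grants, now) -> Decision:
    """first_loc: data access device 106 (lat, lon); second_loc:
    authentication device 108 (lat, lon). Release is all-or-nothing."""
    distance = haversine_m(*first_loc, *second_loc)
    proximity_level = level_for_distance(distance)               # step 608
    if proximity_level == LEVEL_NONE:
        return Decision(False, "outside threshold distance", distance)  # 610
    grant = grants.get(device_id)                                # step 612
    if grant is None or now >= grant.expires_at:
        return Decision(False, "no unexpired grant for device", distance)
    allowed = min(grant.allowed_level, proximity_level)
    if not items:
        return Decision(False, "empty request", distance)
    unknown = [i for i in items if i not in REQUIRED_LEVEL]
    if unknown:                                                  # deny by default
        return Decision(False, f"unknown data item: {unknown[0]}", distance)
    required = max(REQUIRED_LEVEL[i] for i in items)             # step 614
    if required > allowed:                                       # step 616
        return Decision(False, f"requires level {required}, allowed {allowed}", distance)
    return Decision(True, "release", distance)                   # step 618


# Constructed scenario: a kiosk granted full access for 30 minutes.
DEMO_NOW = datetime(2014, 4, 8, 12, 0, tzinfo=timezone.utc)
DEMO_LATER = DEMO_NOW + timedelta(minutes=31)
DEMO_GRANTS = {"kiosk-7": Grant(LEVEL_FULL, DEMO_NOW + timedelta(minutes=30))}
OWNER_LOC = (35.7796, -78.6382)   # authentication device position

if __name__ == "__main__":
    for dlat in (0.00005, 0.005, 0.05):   # about 5.6 m, 560 m, 5.6 km north
        kiosk = (OWNER_LOC[0] + dlat, OWNER_LOC[1])
        for items in (["email"], ["age_bracket"]):
            print(dlat, items, decide(items, "kiosk-7", kiosk, OWNER_LOC, DEMO_GRANTS, DEMO_NOW))
```

The allowed level is the minimum of what the grant permits and what the proximity tier permits, so a device with a full-access grant still receives only demographic data when the owner is a few hundred metres away, and nothing once the grant's timeframe has elapsed. The proximity check runs first so that the access-level comparison never operates on a request from a device outside every threshold.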
It should also be noted that at least some of the operations for
the methods may be implemented using software instructions stored
on a computer useable storage medium for execution by a computer.
As an example, an embodiment of a computer program product includes
a computer useable storage medium to store a computer readable
program for proximity-based authentication for managing personal
data that, when executed on a computer, causes the computer to
perform operations. The operations may include receiving a request
for personal data from a data access device, determining a first
location corresponding to the location of the data access device,
and determining a second location corresponding to the location of
an authentication device. The operations may also include
transmitting the personal data to the data access device if the
first location is within a threshold distance of the second
location.
Embodiments of the invention can take the form of an entirely
hardware embodiment, an entirely software embodiment, or an
embodiment containing both hardware and software elements. In one
embodiment, the invention is implemented in software, which
includes but is not limited to firmware, resident software,
microcode, etc.
Furthermore, embodiments of the invention can take the form of a
computer program product accessible from a computer-usable or
computer-readable storage medium providing program code for use by
or in connection with a computer or any instruction execution
system. For the purposes of this description, a computer-usable or
computer readable storage medium can be any apparatus that can
store the program for use by or in connection with the instruction
execution system, apparatus, or device.
The computer-useable or computer-readable storage medium can be an
electronic, magnetic, optical, electromagnetic, infrared, or
semiconductor system (or apparatus or device), or a propagation
medium. Examples of a computer-readable storage medium include a
semiconductor or solid state memory, magnetic tape, a removable
computer diskette, a random access memory (RAM), a read-only memory
(ROM), a rigid magnetic disk, and an optical disk. Current examples
of optical disks include a compact disk with read only memory
(CD-ROM), a compact disk with read/write (CD-R/W), and a digital
video disk (DVD).
An embodiment of a data processing system suitable for storing
and/or executing program code includes at least one processor
coupled directly or indirectly to memory elements through a system
bus such as a data, address, and/or control bus. The memory
elements can include local memory employed during actual execution
of the program code, bulk storage, and cache memories which provide
temporary storage of at least some program code in order to reduce
the number of times code must be retrieved from bulk storage during
execution.
Input/output (I/O) devices (including but not limited to keyboards,
displays, pointing devices, etc.) can be coupled to the system
either directly or through intervening I/O controllers.
Additionally, network adapters also may be coupled to the system to
enable the data processing system to become coupled to other data
processing systems or remote printers or storage devices through
intervening private or public networks. Modems, cable modems, and
Ethernet cards are just a few of the currently available types of
network adapters.
Although the operations of the method(s) herein are shown and
described in a particular order, the order of the operations of
each method may be altered so that certain operations may be
performed in an inverse order or so that certain operations may be
performed, at least in part, concurrently with other operations. In
another embodiment, instructions or sub-operations of distinct
operations may be implemented in an intermittent and/or alternating
manner.
Although specific embodiments of the invention have been described
and illustrated, the invention is not to be limited to the specific
forms or arrangements of parts so described and illustrated. The
scope of the invention is to be defined by the claims appended
hereto and their equivalents.
* * * * *